The Software Engineer’s Cart

Social news site Reddit has a programming ‘subreddit’, where links to stories about subjects of interest to nerds like me are posted. Also included are ‘Ask Reddit’ posts, meant to provoke discussion.

This one crossed my radar today. A Reddit user asks other users to answer the question “If you wrote an Open-Source voting program, what security measures would you put in place?”

Several posters go on to post ruminations about dual-key cryptography, or cooking up elaborate schemes for voting machines which don’t seem to offer any advantages over hand-counted ballots.

This is an example of a problem which software engineers or programmers are sometimes unsuited to answer. It’s very easy to start dreaming up software-based solutions to this or that problem, but in some cases, software isn’t the answer. We’re not just putting the cart before the horse — it’s a defective cart.

The US electoral system is, in many ways, quite backwards. Voluntary voting encourages voter suppression and GOTV tactics, electoral institutions are staffed by openly partisan individuals, the outcome is determined by simple plurality, voting takes place on a working day, there doesn’t seem to be scrutineers, ballot boxes aren’t numbered, logged and sealed with numbered, logged tags … the design advantages of the Australian way of conducting elections go on and on.

In the case of the USA, improving the voting system has nothing whatever to do with the security or otherwise of voting machines. It has to do with fundamental reforms to the essential nature of the ballot itself. No amount of technical genius can overcome the fact that the system is rotten and is seen as rotten.

11 Responses to The Software Engineer’s Cart

Agreed on a few basic points, their two-party system with no preferences has served to silence a lot of important minority viewpoints and the lack of political diversity is probably one of the things that allowed George W to run roughshod over pretty much everything. The other thing is that Americans are reluctant to spend much on elections. Per-capita, Australian elections are about 5 times more expensive (which doesn’t bother me in the least, of all my tax dollars spent, the AEC is the best return for the money thanks to Rummel’s Law). I’m kind of glad that Australia chose the preference system that it did. Although did you know that there are circumstances where voting [1] for your favourite candidate can actually make them lose (a strange and rare defect in the Australian system)?

I’m a supporter of paper ballots, and my argument is pretty simple: justice must be done, and justice must be seen to be done. Only paper ballots deliver the transparency of the system that non-geeks can understand the process. Maybe in another century we will be ready for computer ballots.

However, for those who really do like the idea of computer voting machines here’s a few links:

Not sure about the guys on Redit, but there are some tricky bits in the theory of whether it is even possible to make a software system that the math-heads are comfortable with — not the sort of stuff that a few bright sparks on a mailing list can knock over on a weekend. I’d guess there are a few more years of solid research before we even have a plausible design (regardless of implementation details), then there’s the legal details, then there’s getting people to accept it.

I’d agree about the “justice must be *seen* to be done” bit. On that basis, the logical way to set-up a computer voting system is to make it as open as possible: publish all the source code, allow anyone to log on to the system and watch it working. That way the chances that a single or a few powerful individuals could corrupt to their own ends are kept pretty low, even if there’s a near certainty that a handful of independent hackers from all over the globe manage to manipulate the results each to their own individual ends.

I’d also say that the system must still print out paper ballots as a backup, and as a form of physical representation of votes that everyone, with or without computer skills, can see. The paper ballots could still then be counted automatically by a completely seperate automated system, and a sample of them (5% is probably enough, unless the result is very close) counted by hand.

NPOV — as soon as you print paper ballots, someone will dispute the count and demand a hand count and you’re back where you started for no benefit. If you don’t print ballots, the count can’t be verified and isn’t seen as trustworthy.

“Somebody demanding a hand count” isn’t the same as “a full hand-count becomes inevitable”.

Are there any significant nations or states (say, population > 10 million) that use 100% electronic voting? According to wikipedia, 29% of voters in the 2004 U.S. presidential election used some form of electronic voting, which must be in the order of 20 million users. Presumably somebody confirmed that the results from electronic votes correlated with those from paper ballots?

The reason the yanks are talking about voting machines is because they don’t trust the hand ballot. They don’t trust the hand ballot because they lack most of the basic things we take for granted, such as non-partisan officials and numbered ballot boxes.

The AEC experimented with voting machines in the ACT that did not print. I don’t know what the state of play is. It has always seemed to me that printing paper is essential, at least till everyone had confidence and maybe permanently.

Printing paper ballots does not quite negate the purpose. The complex counting for the PR-STV upper houses takes weeks. A computer would do it instantly.

Of course it would do the lower houses instantly too which would ruin the Don’s Party event.

There is no need for the stark choice. A few random, scrutinised checks on the computer’s answers would satisfy most people. In electorates where the result was close the paper count would settle the matter. It would be nice if the outfit in charge is trustworthy – as our AEC is.

The paper would be the legally deciding figure but if the paper was printed by the computer it is hard to see how it could differ.

I don’t understand why the matter is made so complicated with specialised machines and touch screens. To my mind, a voting booth could simply consist of an ordinary PC with a small printer attached. You use the mouse to vote on the screen and then click the green submit button.

The computer would warn you if it is an invalid vote and offer the chance to fix it but then accept it if you insist. Then it prints your vote and you fold it and slip it into the ballot box in the usual way. If you had second thoughts and didn’t like the paper print out you’d have to speak to an official about cancelling it.

Seems pretty straightforward to me. After two or three elections, people would see it as normal. I don’t see any advantage in making the software public.

One NOT connected to ANY form of network, presumably. Then you take the numbered printout (each PC being given in advance a range of serial numbers to use) to a numbered ballot box, which when full is taken to a nearby room full of professional non-partisan counters, overseen by party scrutineers.

I’m with Jacques basically. Technology which helps avoid accidental informal voting is great, but there’s a lot to love about having many many humans involved (you can’t bribe them all), and a PROPER (i.e. comprehensive) paper trail.

Course you’d connect it. That’s how the results get known by five past six.

I suppose there would be encryption but I can’t see that it’s important. Stuffing ballot boxes is a lot of work for little gain unless you are in PNG or somewhere like that. It might be worth it in a marginal seat but those are the very ones where people would be counting the paper votes so electronic stuffing would be a hopless ploy. Compulsory voting mitigates against serious stuffing because turnout is high and the ballot is fairly predictable.

I’d want a complete paper trail, allow re-interpretation of possibly ambiguous ballots, with certification (down to the level of the electoral officer who allowed the vote), and a guarantee of no electronic hacking (especially by predominantly right-wing spooks who are the technical experts on hacking!).

Hmmmm….. that’s what we’ve got already!

(Admittedly, this only works for general elections rather than the ideal of the citizenry voting on each issue like the ancient Athenians did!)